subtree updates:raspberrypi:arm:security: Jan 27 2023
meta-raspberrypi: 896566aa92..6c57b92708:
Martin Jansa (2):
pi-bluetooth: fix typo in Upstream-Status
gstreamer1.0-omx: fix Upstream-Status format
meta-arm: 5c42f084f7..3d51e1117d:
Abdellatif El Khlifi (1):
arm-bsp/u-boot: Corstone1000: bump to v2022.10
Anton Antonov (1):
arm/kernel: Update ARM-FFA kernel drivers
Daniel Díaz (1):
arm-bsp/firmware-image-juno: Fix deployment of compressed Image
Jon Mason (8):
arm-bsp/juno: move to compressed initramfs image
arm-bsp/juno: Update kernel patches to the latest
arm-bsp/trusted-firmware-m: corstone1000: TFM file clean-ups
arm/trusted-firmware-m: disable fatal warnings
arm-toolchain: update Arm GCC to 12.2
external-arm-toolchain: Enable 12.2.rel1 support
arm-bsp: add u-boot v2022.10 support
arm-bsp: add u-boot v2022.10 support
Peter Hoyes (8):
arm/scp-firmware: Ensure CMAKE_BUILD_TYPE is capitalized
arm/scp-firmware: Disable cppcheck
arm: Add addpylib declaration
arm/lib: Add XAUTHORITY to runfvp environment
classes: Define FVP_ENV_PASSTHROUGH variable dependencies
classes: Prevent passing None to the runfvp environment
classes: Set ARMLMD_LICENSE_FILE in the runfvp environment
arm: Use SRC* variables consistently
Qi Feng (1):
arm-bsp/fvp-baser-aemv8r64: Rebase u-boot patches onto v2022.10
Ross Burton (9):
meta-*: mark layers as compatible with mickledore only
arm-toolchain: remove obsolete oe_import
CI: switch back to master
CI: remove obsolete linux-yocto workarounds
Revert "CI: revert a meta-clang change which breaks pixman (thus, xserver)"
arm-bsp/fvp-base*: no need to remove rng-tools from openssh
CI: pass --update and --force-checkout to kas in pending-updates job
CI: use 'kas dump' instead of manually catting files
CI: remove obsolete install
Rui Miguel Silva (1):
arm-bsp/u-boot: corstone500: bump to 2022.10
Theodore A. Roth (1):
arm/optee-os: Fix FILESEXTRAPATHS
meta-security: f991b20f56..3d9dab6d14:
Chen Qi (1):
openscap: add libpcre DEPEDNS to fix do_configure failure
Markus Volk (1):
bubblewrap: remove recipe
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for mickledore
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I5abd2487fbf395b33b1934ff90bd6d97c7953e6c
diff --git a/meta-security/conf/layer.conf b/meta-security/conf/layer.conf
index 84346a1..b5a74f1 100644
--- a/meta-security/conf/layer.conf
+++ b/meta-security/conf/layer.conf
@@ -9,7 +9,7 @@
BBFILE_PATTERN_security = "^${LAYERDIR}/"
BBFILE_PRIORITY_security = "8"
-LAYERSERIES_COMPAT_security = "langdale mickledore"
+LAYERSERIES_COMPAT_security = "mickledore"
LAYERDEPENDS_security = "core openembedded-layer"
diff --git a/meta-security/meta-hardening/conf/layer.conf b/meta-security/meta-hardening/conf/layer.conf
index a150085..add3cbc 100644
--- a/meta-security/meta-hardening/conf/layer.conf
+++ b/meta-security/meta-hardening/conf/layer.conf
@@ -8,6 +8,6 @@
BBFILE_PATTERN_harden-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_harden-layer = "10"
-LAYERSERIES_COMPAT_harden-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_harden-layer = "mickledore"
LAYERDEPENDS_harden-layer = "core openembedded-layer"
diff --git a/meta-security/meta-integrity/conf/layer.conf b/meta-security/meta-integrity/conf/layer.conf
index 237306d..b273b5b 100644
--- a/meta-security/meta-integrity/conf/layer.conf
+++ b/meta-security/meta-integrity/conf/layer.conf
@@ -20,7 +20,7 @@
# interactive shell is enough.
OE_TERMINAL_EXPORTS += "INTEGRITY_BASE"
-LAYERSERIES_COMPAT_integrity = "langdale mickledore"
+LAYERSERIES_COMPAT_integrity = "mickledore"
# ima-evm-utils depends on keyutils from meta-oe
LAYERDEPENDS_integrity = "core openembedded-layer"
diff --git a/meta-security/meta-parsec/conf/layer.conf b/meta-security/meta-parsec/conf/layer.conf
index 3495235..0a71694 100644
--- a/meta-security/meta-parsec/conf/layer.conf
+++ b/meta-security/meta-parsec/conf/layer.conf
@@ -8,7 +8,7 @@
BBFILE_PATTERN_parsec-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_parsec-layer = "5"
-LAYERSERIES_COMPAT_parsec-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_parsec-layer = "mickledore"
LAYERDEPENDS_parsec-layer = "core clang-layer"
BBLAYERS_LAYERINDEX_NAME_parsec-layer = "meta-parsec"
diff --git a/meta-security/meta-security-compliance/conf/layer.conf b/meta-security/meta-security-compliance/conf/layer.conf
index a250f5c..f07532c 100644
--- a/meta-security/meta-security-compliance/conf/layer.conf
+++ b/meta-security/meta-security-compliance/conf/layer.conf
@@ -8,7 +8,7 @@
BBFILE_PATTERN_scanners-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_scanners-layer = "10"
-LAYERSERIES_COMPAT_scanners-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_scanners-layer = "mickledore"
LAYERDEPENDS_scanners-layer = "core openembedded-layer meta-python"
diff --git a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
index 4babcf9..e875227 100644
--- a/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
+++ b/meta-security/meta-security-compliance/recipes-openscap/openscap/openscap.inc
@@ -6,8 +6,8 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24"
LICENSE = "LGPL-2.1-only"
-DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig"
-DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native"
+DEPENDS = "dbus acl bzip2 pkgconfig gconf procps curl libxml2 libxslt libcap swig libpcre"
+DEPENDS:class-native = "pkgconfig-native swig-native curl-native libxml2-native libxslt-native libcap-native libpcre-native"
S = "${WORKDIR}/git"
diff --git a/meta-security/meta-security-isafw/conf/layer.conf b/meta-security/meta-security-isafw/conf/layer.conf
index bc88530..550cced 100644
--- a/meta-security/meta-security-isafw/conf/layer.conf
+++ b/meta-security/meta-security-isafw/conf/layer.conf
@@ -14,4 +14,4 @@
LAYERDEPENDS_security-isafw = "core"
-LAYERSERIES_COMPAT_security-isafw = "langdale mickledore"
+LAYERSERIES_COMPAT_security-isafw = "mickledore"
diff --git a/meta-security/meta-tpm/conf/layer.conf b/meta-security/meta-tpm/conf/layer.conf
index 0dd19b6..81690ca 100644
--- a/meta-security/meta-tpm/conf/layer.conf
+++ b/meta-security/meta-tpm/conf/layer.conf
@@ -8,7 +8,7 @@
BBFILE_PATTERN_tpm-layer = "^${LAYERDIR}/"
BBFILE_PRIORITY_tpm-layer = "10"
-LAYERSERIES_COMPAT_tpm-layer = "langdale mickledore"
+LAYERSERIES_COMPAT_tpm-layer = "mickledore"
LAYERDEPENDS_tpm-layer = " \
core \
diff --git a/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb b/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb
deleted file mode 100644
index a48b012..0000000
--- a/meta-security/recipes-security/bubblewrap/bubblewrap_0.7.0.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-DESCRIPTION = "Unprivileged sandboxing tool"
-HOMEPAGE = "https://github.com/containers/bubblewrap"
-LICENSE = "LGPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=5f30f0716dfdd0d91eb439ebec522ec2"
-
-DEPENDS = "libcap"
-
-SRC_URI = "https://github.com/containers/${BPN}/releases/download/v${PV}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "764ab7100bd037ea53d440d362e099d7a425966bc62d1f00ab26b8fbb882a9dc"
-
-inherit autotools bash-completion github-releases manpages pkgconfig
-
-GITHUB_BASE_URI = "https://github.com/containers/${BPN}/releases/"
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"
-PACKAGECONFIG[manpages] = "--enable-man,--disable-man,libxslt-native docbook-xsl-stylesheets-native xmlto-native"
-PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux,libselinux"
-PACKAGECONFIG[setuid] = "--with-priv-mode=setuid,--with-priv-mode=none"
-
-PACKAGES += "${PN}-zsh-completion"
-
-FILES:${PN}-zsh-completion = "${datadir}/zsh/site-functions"